I would recommend that you write it into your java application. An application that does a "lottery" with each request should probably include rate-limiting itself. That way, if you ever make changes, all the logic of the application is in one place.
- Y
Sent from a gizmo with a very small keyboard and hyperactive autocorrect.
Great thank you, Yehuda.How can I understand it? I should write a c program for apache? or I should write some java web application at tomcat level?
I see you speak "Though those modules exist, this might be best implemented in your application"Because this is a web site, it has to face concurrency issue. So I prefer to resolve this issue at httpd level.
Not sure if my thinking is good or not?Can you plz explain it more clear...
Looking forward to your nice feedback :)
At 2015-05-19 22:01:45, "Yehuda Katz" <yehuda@xxxxxxxxxx> wrote:
There are a few modules that you might be able to modify to meet your needs - although these things are generally designed for DDoS protection.
- mod_security - http://www.modsecurity.org/
- mod_evasive - http://www.zdziarski.com/blog/?page_id=442
- mod_cband - http://dembol.org/blog/mod_cband/
- mod_limitipconn - http://dominia.org/djao/limitipconn2.html
Though those modules exist, this might be best implemented in your application.Another way to do it would be with a log parsing tool like Fail2Ban.- YOn Tue, May 19, 2015 at 4:29 AM, javalishixml <javalishixml@xxxxxxx> wrote:Hi, I have a website. It is built by apache + tomcat. Now we make a lottery activity at this website. But we find that some robots always raise the duplicated requests to hit this lottery activity. It causes that robots almost get all the awards. So we just want to block these kind of duplicated requests at every interval unit. For example, we set the interval unit is 3 seconds. The if the robot want to hit the lottery activity in 3 seconds, the website could block this action. So how to do it? I suppose if we do it at tomcat level, is it a very low performance? Can I do it at apache level? how to do it? If I could not do it apache level? Thanks in advance, Java Coder